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This listing of claims will replace all prior versions, and listings, of claims in the application: 
The Status of the Claims 

1. (Currently Amended) A method of computer operating system data management 

comprising: 

associating data management information with data input to a process; and 
regulating operating system operations involving the data according to the data 
management information by: 

disassembling an application to be executed to obtain machine code; and 
modifying the obtained machine code of the application to include instructions to 
associate first data management information with a first s«bse taddressable unit of th e dat a 
file , to associate second data management information with a second sabse taddressable unit 
of the dat a the file , and to verify that the data management information indicates that the 
dat afirst addressable unit is authorized to be vmtten by an instruction to vmte the dat afirst 
addressable unit before the dat afirst addressable unit is vmtten. 

2. (Original) The method of claim 1 wherein supervisor code administers the method by 
controlling the process at run time. 

3. (Previously Presented) The method of claim 1, wherein, associating the data 
management information with the data input to the process comprises associating the data 
management information with the data as the data is read into a memory space. 

4. (Cancelled) 

5. (Previously Presented) The method of claim 1, wherein associating the data 
management information with the data input to the process comprises associating the data 
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management information with each independently addressable data unit that is read into the 
memory space. 

6. (Original) The method of claim 2, wherein the data management information is 
written to a data management memory space under control of the supervisor code. 

7. (Previously Presented) The method of claim 6 wherein the supervisor code comprises 
state machine automatons arranged to control the vmting of the data management information 
to the data management memory space. 

8. (Currently Amended) The melhod of claim I . w herein regulating the operating 
system operation comprises: identifying an operation involving the datafile; if the operation 
involves the datafile and is carried out within the process, maintaining an association between 
an output of the operation and the first data management information; and if the operation 
involving the datafile includes a vmte operation to a location external to the process, 
selectively performing the operation dependent on the first data management information. 

9. (Currently Amended) The method of claim 8, wherein identifying the operation 
comprises: analyzing process instructions to identify the operation involving the datafile: and, 
providing instructions relating to the first data management information with the operation 
involving the datafile. 

10. (Previously Presented) The method of claim 9, wherein the process instructions are 
analyzed as blocks, each block defined by operations up to a terminating condition. 

1 1 . (Previously Presented) The method of claim 1 , wherein code of an application is 
analyzed statically in order to create a control flow graph. 
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12. (Previously Presented) The method of claim 11, wherein the code is analyzed before 
load time. 

13. (Previously Presented) The method of claim 11, wherein the code is analyzed at load 
time. 

14. (Previously Presented) The method of claim 11, wherein code of an application is 
instrumented to identify an entry point of a conditional structure in the code and an exit point 
of the conditional structure, and in which the entry points and exit points are identified from 
the control flow graph. 

15. (Previously Presented) The method of claim 14, wherein the conditional structure 
includes a conditional expression, a process has a tag associated with a program counter stack 
and when the entry point of a conditional structure is identified at run-time, a current tag is 
pushed further on the program counter stack, and a new tag associated with the conditional 
expression is added to the front of the counter stack. 

16. (Previously Presented) The method of claim 15, wherein when the exit point of a 
conditional structure is identified at run time, the tag from the entry point of the conditional 
structure is returned to the front of the counter stack. 

17. (Previously Presented) The method of claim 15, wherein during all operations from 
an entry of the conditional structure, tags of the locations in branching expressions are 
updated according to the tag of the program counter stack. 

18. (Currently Amended) A computing platform including a processor for operating 
system data management, the computing platform comprising a data management unit, the 
data management unit arranged to associate data management information with data input to 
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a process, and to regulate operating system operations involving the data according to the 
data management information by disassembling an application to be executed to obtain 
machine code, and modifying the obtained machine code of the application to include 
instructions to associate first data management information with a first sttbse taddressable unit 
of fee-da ta file and second data management information with a second subse taddressable 
unit of the dat a the file and to verify that the data management information indicates that data 
the first addressable unit is authorized to be vmtten by an instruction to write the data before 
dat athe first addressable unit is written. 

19. (Original) The computing platform of claim 18, fiorther comprising a memory space, 
the computing platform arranged to load the process into the memory space and run the 
process under the control of the data management unit. 

20. (Cancelled) 

21. (Previously Presented) The computing platform of claim 18, wherein the data 
management information is associated with each independently addressable data unit of the 
data. 

22. (Original) The computing platform of claim 18, wherein the data management unit 
comprises part of an operating system kernel space. 

23. (Previously Presented) The computing platform of claim 22, wherein the operating 
system kernel space comprises a tagging driver to control loading of supervisor code into 

the memory space with the process. 

24. (Original) The computing platform of claim 23, wherein the supervisor code controls 
the process at run time to administer the operating system data management unit. 
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25. (Previously Presented) The computing platform of claim 22, wherein the supervisor 
code is arranged to analyze instructions of the process to identify operations involving the 
data, and, to provide instructions relating to the data management information with the 
operations involving the data. 

26. (Original) The computing platform of claim 23, wherein the memory space further 
comprises a data management information area under control of the supervisor code arranged 
to store the data management information. 

27. (Original) The computing platform of claim 19, wherein the data management unit 
comprises a data filter arranged to identify data management information associated with data 
that is to be read into the memory space. 

28. (Original) The computing platform of claim 27, wherein the data filter is arranged to 
associate data management information with data read into the memory space from 
predetermined sources, or alternatively is arranged to associate default data management 
information with data read into the memory space. 

29. (Previously Presented) The computing platform of claim 18, wherein the data 
management unit further comprises a tag management module to allow a user to specify data 
management information to be associated with data. 

30. (Previously Presented) The computing platform of claim 18, wherein the data 
management unit comprises a tag propagation module to maintain an association with the 
data that has been read into the process and the data management information associated 
therewith. 
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31. (Previously Presented) The computing platform of claim 30, wherein the tag 
propagation module is to maintain an association between an output of operations carried out 
within the process and the data management information associated with the data involved in 
the operations. 

32. (Previously Presented) The computing platform of claim 31, wherein the tag 
propagation module comprises state machine automatons to maintain an association between 
an output of operations carried out within the process and the data management information 
associated with the data involved in the operations. 

33. (Previously Presented) The computing platform of claim 1 8. wherein code of an 
application is instrumented to identify an entry point of a conditional structure in the code 
and an exit point of the conditional structure, the computing platform further comprising a 
static code analyzer to identify conditional branch entry and exit points and a conditional tag 
propagator to propagate, at runtime, tags associated with data storage locations included in 
the conditional structure. 

34. (Currently Amended) An operating system data management method comprising: 
disassembling an application to be executed to obtain machine code; and 
modifying the obtained machine code of the application to include instructions to 

identify data having data management information associated therewith when the data is to be 

read into a memory space, the instructions to identify data having the data management 
information associated therewith including instmctions to associate first data management 
information with a first sut»se taddressable unit of the dat a file , to associate second data 
management information with a second subset addressable unit of the data the file , and to 
verify that the data management information indicates that the dat afirst addressable unit is 
authorized to be written by an instruction to write the dat afirst addressable unit before the 
dat afirst addressable unit is written. 
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35. (Previously Presented) The method of claim 34, further comprising: associating data 
management information with the data in response to determining that no data management 
information associated with the data. 

36. (Original) The method of claim 34, wherein the data management information 
associated with data is read into the memory space with the data. 

37. (Previously Presented) The method of claim 34, further comprising: maintaining an 
association between the data and the data management information when the data is involved 
in operations within a process, and associating data management information with other data 
resulting from operations involving the data. 

38. (Cancelled) 

39. (Previously Presented) The method of claim 37, further comprising: examining the 
data management information when the data is to be involved in an operation external to the 
process, and allowing the operation if it is compatible with the data management information. 

40. (Original) The method of claim 39, wherein the operation is blocked if it is not 
compatible with the data management information. 

41. (Original) The method of claim 39, wherein the operation external to the process is 
compatible with the data management information subject to including the associated data 
management information with an output of the operation. 

42. (Original) The method of claim 34, wherein the data management information 
identifies a set of permitted operations. 
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43. (Currently Amended) An operating system data management apparatus comprising: 

a data management unit to associate data management information with data input to 
a process, and to disassemble an application to be executed to obtain machine code and 
modify the obtained machine code of the application to include instructions to associate first 
data management information with a first subse taddressable unit of the da t a file , instructions 
to associate second data management information with a second subse taddressable unit of fee 
dat athe file , and instructions to verify that the data management information indicates that the 
dat afirst addressable unit is authorized to be written by an instruction to write the dat afirst 
addressable unit before the dat afirst addressable unit is written; and 

a processor to identify data having data management information associated therewith 
when that data is read into a memory space. 

44. (Previously Presented) The apparatus of claim 43, wherein the processor is to 
associate data management information with the data if the data is identified as having no 
data management information associated therewith. 

45. (Previously Presented) The apparatus of claim 43, wherein the processor is arranged 
to read the data management information associated with the data into the memory space with 
the data. 

46. (Previously Presented) The apparatus of claim 43, further comprising a tag 
propagation module to maintain an association between the data and the data management 
information when the data is involved in operations within the process, and to associate data 
management information with other data resulting from operations involving the data. 

47. (Previously Presented) The apparatus of claim 46, wherein the tag propagation 
module comprises state machine automatons to maintain an association between the data and 
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the data management information when the data is involved in operations within the process, 
and to associate data management information with other data resulting from operations 
involving the data. 

48. (Previously Presented) The apparatus of claim 46, wherein the tag propagation 
module is to examine the data management information when the data is to be involved in an 
operation external to the process, and to cause the operation to be allowed if it is compatible 
with the data management information. 

49. (Previously Presented) The apparatus of claim 48, wherein the tag propagation 
module is to cause the operation to be blocked if the operation is not compatible with the 
data management information. 

50. (Previously Presented) The apparatus of claim 48, wherein the tag propagation 
module is to perform the operation external to the process subject to including the associated 
data management information with an output of the operation. 

51. (Original) The apparatus of claim 43, wherein the data management information 
identifies a set of permitted operations. 

52. (Previously Presented) A tangible computer readable medium storing a computer 
program including instructions configured to enable operating system data management in 
accordance with the method of operating system data management of claim 1. 

53. (Previously Presented) A tangible computer readable medium storing a computer 
program including instructions configured to enable operating system data management in 
accordance with or the operating system data management method of claim 31. 
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54. (Previously Presented) A method of modifying computer code of an application, the 
method comprising: 

identifying conditional branches in machine code; 

instrumenting machine code of the application to provide information regarding entry 
and exit points of the conditional structures; and 

modifying the machine code to include instructions that, when executed, cause a 
computer to regulate the data according to data management information, wherein the 
instructions to regulate the data according to the data management information include 
instructions to associate first data management information with a first subset of the data and 
second data management information with a second subset of the data and to verify that the 
data management information indicates that the data is authorized to be vmtten by an 
instruction to write the data before the data is written. 

55. (Previously Presented) The method of claim 54, wherein the modification is carried 
out before load time. 

56. (Previously Presented) The method of claim 54, wherein the modification is carried 
out at load time. 

57. (Previously Presented) The method of claims 54, further comprising creating a 
control flow graph representation of the code and analyzing the conditional flow graph to 
identify conditional branches in the code. 

58. (Previously Presented) An operating system stored on a tangible computer readable 
medium comprising an application code modifying unit to perform the method of operating 
system data management of claim 1. 
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59. (Previously Presented) An operating system stored on a tangible computer readable 
medium comprising an application code modifying unit to perform the operating system data 
management method of claim 34. 
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